PageRenderTime 27ms CodeModel.GetById 11ms RepoModel.GetById 0ms app.codeStats 0ms

/symphony/lib/core/class.cookie.php

https://github.com/bauhouse/sym-designprojectx
PHP | 202 lines | 62 code | 24 blank | 116 comment | 13 complexity | bb9e0d931800d04216a13369b424f979 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @package core
    5. 

  5.  */
    6. 

  6. if (!defined('__IN_SYMPHONY__')) {
    7. 

  7.     die('<h2>Symphony Error</h2><p>You cannot directly access this file</p>');
    8. 

  8. }
    9. 

  9. 

  10. /**
    11. 

  11.  * The Cookie class is a wrapper to save Symphony cookies. Typically this
    12. 

  12.  * is used to maintain if an Author is logged into Symphony, or by extensions
    13. 

  13.  * to determine similar things. The Cookie class is tightly integrated with
    14. 

  14.  * PHP's `$_SESSION` global and it's related functions.
    15. 

  15.  */
    16. 

  16. 

  17. class Cookie
    18. 

  18. {
    19. 

  19.     /**
    20. 

  20.      * Used to prevent Symphony cookies from completely polluting the
    21. 

  21.      * `$_SESSION` array. This will act as a key and all
    22. 

  22.      * cookies will live under that key. By default, the index is read from
    23. 

  23.      * the Symphony configuration, and unless changed, is `sym-`
    24. 

  24.      *
    25. 

  25.      * @var string
    26. 

  26.      */
    27. 

  27.     private $_index;
    28. 

  28. 

  29.     /**
    30. 

  30.      * This variable determines if the Cookie was set by the Symphony Session
    31. 

  31.      * class, or if it was set directly. By default, this is false as the Symphony cookie
    32. 

  32.      * created directly in the Symphony constructor, otherwise it will be an instance
    33. 

  33.      * of the Session class
    34. 

  34.      *
    35. 

  35.      * @see core.Symphony#__construct()
    36. 

  36.      * @var Session|boolean
    37. 

  37.      */
    38. 

  38.     private $_session = false;
    39. 

  39. 

  40.     /**
    41. 

  41.      * How long this cookie is valid for. By default, this is 0 if used by an extension,
    42. 

  42.      * but it is usually set for 2 weeks in the Symphony context.
    43. 

  43.      *
    44. 

  44.      * @var integer
    45. 

  45.      */
    46. 

  46.     private $_timeout = 0;
    47. 

  47. 

  48.     /**
    49. 

  49.      * The path that this cookie is valid for, by default Symphony makes this the whole
    50. 

  50.      * domain using /
    51. 

  51.      *
    52. 

  52.      * @var string
    53. 

  53.      */
    54. 

  54.     private $_path;
    55. 

  55. 

  56.     /**
    57. 

  57.      * The domain that this cookie is valid for. This is null by default which implies
    58. 

  58.      * the entire domain and all subdomains created will have access to this cookie.
    59. 

  59.      *
    60. 

  60.      * @var string
    61. 

  61.      */
    62. 

  62.     private $_domain;
    63. 

  63. 

  64.     /**
    65. 

  65.      * Determines whether this cookie can be read by Javascript or not, by default
    66. 

  66.      * this is set to true, meaning cookies written by Symphony cannot be read by Javascript
    67. 

  67.      *
    68. 

  68.      * @var boolean
    69. 

  69.      */
    70. 

  70.     private $_httpOnly = true;
    71. 

  71. 

  72.     /**
    73. 

  73.      * Determines whether this cookie will be sent over a secure connection or not. If
    74. 

  74.      * true, this cookie will only be sent on a secure connection. Defaults to false
    75. 

  75.      * but will automatically be set if `__SECURE__` is true
    76. 

  76.      *
    77. 

  77.      * @since Symphony 2.3.3
    78. 

  78.      * @see boot
    79. 

  79.      * @var boolean
    80. 

  80.      */
    81. 

  81.     private $_secure = false;
    82. 

  82. 

  83.     /**
    84. 

  84.      * Constructor for the Cookie class intialises all class variables with the
    85. 

  85.      * given parameters. Most of the parameters map to PHP's setcookie
    86. 

  86.      * function. It creates a new Session object via the `$this->__init()`
    87. 

  87.      *
    88. 

  88.      * @see __init()
    89. 

  89.      * @link http://php.net/manual/en/function.setcookie.php
    90. 

  90.      * @param string $index
    91. 

  91.      *  The prefix to used to namespace all Symphony cookies
    92. 

  92.      * @param integer $timeout
    93. 

  93.      *  The Time to Live for a cookie, by default this is zero, meaning the
    94. 

  94.      *  cookie never expires
    95. 

  95.      * @param string $path
    96. 

  96.      *  The path the cookie is valid for on the domain
    97. 

  97.      * @param string $domain
    98. 

  98.      *  The domain this cookie is valid for
    99. 

  99.      * @param boolean $httpOnly
    100. 

  100.      *  Whether this cookie can be read by Javascript. By default the cookie
    101. 

  101.      *  cannot be read by Javascript
    102. 

  102.      * @throws Exception
    103. 

  103.      */
    104. 

  104.     public function __construct($index, $timeout = 0, $path = '/', $domain = null, $httpOnly = true)
    105. 

  105.     {
    106. 

  106.         $this->_index = $index;
    107. 

  107.         $this->_timeout = $timeout;
    108. 

  108.         $this->_path = $path;
    109. 

  109.         $this->_domain = $domain;
    110. 

  110.         $this->_httpOnly = $httpOnly;
    111. 

  111. 

  112.         if (defined('__SECURE__')) {
    113. 

  113.             $this->_secure = __SECURE__;
    114. 

  114.         }
    115. 

  115. 

  116.         $this->_session = $this->__init();
    117. 

  117.     }
    118. 

  118. 

  119.     /**
    120. 

  120.      * Initialises a new Session instance using this cookie's params
    121. 

  121.      *
    122. 

  122.      * @throws Throwable
    123. 

  123.      * @return string|boolean
    124. 

  124.      */
    125. 

  125.     private function __init()
    126. 

  126.     {
    127. 

  127.         $this->_session = Session::start($this->_timeout, $this->_path, $this->_domain, $this->_httpOnly, $this->_secure);
    128. 

  128. 

  129.         if (!$this->_session) {
    130. 

  130.             return false;
    131. 

  131.         }
    132. 

  132. 

  133.         if (!isset($_SESSION[$this->_index])) {
    134. 

  134.             $_SESSION[$this->_index] = array();
    135. 

  135.         }
    136. 

  136. 

  137.         // Class FrontendPage uses $_COOKIE directly (inside it's __buildPage() function), so try to emulate it.
    138. 

  138.         // @deprecated will be removed in Symphony 3.0.0
    139. 

  139.         $_COOKIE[$this->_index] = &$_SESSION[$this->_index];
    140. 

  140. 

  141.         return $this->_session;
    142. 

  142.     }
    143. 

  143. 

  144.     /**
    145. 

  145.      * A basic setter, which will set a value to a given property in the
    146. 

  146.      * `$_SESSION` array, stored in the key of `$this->_index`
    147. 

  147.      *
    148. 

  148.      * @param string $name
    149. 

  149.      *  The name of the property
    150. 

  150.      * @param string $value
    151. 

  151.      *  The value of the property
    152. 

  152.      */
    153. 

  153.     public function set($name, $value)
    154. 

  154.     {
    155. 

  155.         $_SESSION[$this->_index][$name] = $value;
    156. 

  156.     }
    157. 

  157. 

  158.     /**
    159. 

  159.      * Accessor function for properties in the `$_SESSION` array
    160. 

  160.      *
    161. 

  161.      * @param string $name
    162. 

  162.      *  The name of the property to retrieve (optional)
    163. 

  163.      * @return string|null
    164. 

  164.      *  The value of the property, or null if it does not exist. If
    165. 

  165.      *  no `$name` is provided, return the entire Cookie.
    166. 

  166.      */
    167. 

  167.     public function get($name = null)
    168. 

  168.     {
    169. 

  169.         if (is_null($name) && isset($_SESSION[$this->_index])) {
    170. 

  170.             return $_SESSION[$this->_index];
    171. 

  171.         }
    172. 

  172. 

  173.         if (isset($_SESSION[$this->_index]) && is_array($_SESSION[$this->_index]) && array_key_exists($name, $_SESSION[$this->_index])) {
    174. 

  174.             return $_SESSION[$this->_index][$name];
    175. 

  175.         }
    176. 

  176. 

  177.         return null;
    178. 

  178.     }
    179. 

  179. 

  180.     /**
    181. 

  181.      * Expires the current `$_SESSION` by unsetting the Symphony
    182. 

  182.      * namespace (`$this->_index`). If the `$_SESSION`
    183. 

  183.      * is empty, the function will destroy the entire `$_SESSION`
    184. 

  184.      *
    185. 

  185.      * @link http://au2.php.net/manual/en/function.session-destroy.php
    186. 

  186.      */
    187. 

  187.     public function expire()
    188. 

  188.     {
    189. 

  189.         if (!isset($_SESSION[$this->_index]) || !is_array($_SESSION[$this->_index]) || empty($_SESSION[$this->_index])) {
    190. 

  190.             return;
    191. 

  191.         }
    192. 

  192. 

  193.         unset($_SESSION[$this->_index]);
    194. 

  194. 

  195.         // Calling session_destroy triggers the Session::destroy function which removes the entire session
    196. 

  196.         // from the database. To prevent logout issues between functionality that relies on $_SESSION, such
    197. 

  197.         // as Symphony authentication or the Members extension, only delete the $_SESSION if it empty!
    198. 

  198.         if (empty($_SESSION)) {
    199. 

  199.             session_destroy();
    200. 

  200.         }
    201. 

  201.     }
    202. 

  202. }
    203. 

  203.